<?php
//create.php

//** Each page that is "stand alone" must have this variable.
// It is assigned before config.php is loaded; presumably config.php (or a file
// it includes) checks it to refuse direct requests -- confirm.
$authorizedPage = true; 
// $user, sanitize() and generateErrorPage() are used below before any other
// include runs and are not defined in this file, so they presumably come from
// config.php or files it pulls in.
require('config.php');

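/**
 * Reject the current request: show the error page for $errorNum and stop.
 *
 * Callers use this as a guard (`if (bad input) icFail(9);`) and then carry on
 * to use the input, so this function must never return.
 *
 * @param int $errorNum Error code passed through to generateErrorPage().
 */
function icFail($errorNum){
	generateErrorPage($errorNum);
	// Fail closed. generateErrorPage() is defined outside this file; if it ever
	// returns instead of ending the request, the rejected input would still
	// reach the INSERT further down. Harmless if it already exits.
	exit;
}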


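// ID of the recipe created by this request. Stays NULL when nothing is
// inserted; the redirect script in the page below echoes it into view.php?rid=.
$recipieID = NULL;

// NOTE(review): every rejection below goes through icFail() or
// generateErrorPage(). This block only fails closed if those calls end the
// request; if they return, execution continues towards the INSERT. Confirm.
if($user){
	if(isset($_POST['createGo'])){
		// NOTE(review): no anti-CSRF token is checked in this file before the
		// database write; confirm whether config.php takes care of that.

		//**Sanitize Data
		//!!A more specific error function is needed
		//If the userdata is too short, an error page is called
		// sanitize() is defined outside this file. A return value of 9 is treated
		// as "rejected". The code reads each value back after the call, so
		// sanitize() presumably cleans its argument by reference -- confirm. If it
		// does not, the raw request values are what end up in the query.

		$name 			= NULL;
		$description 	= NULL;
		$steps 			= NULL;
		$ingredients 	= NULL;
		$materials 		= NULL;
		$tags           = NULL;

		// NOTE(review): list fields are stored as one string joined with
		// "%NEXT%". A submitted value that itself contains "%NEXT%" becomes
		// indistinguishable from a separator unless sanitize() removes it.

		//*Sanitize Title
		// Scalar fields must be present and must be strings; PHP turns
		// rName[]=x into an array, which is rejected here.
		if(!isset($_POST['rName']) || !is_string($_POST['rName'])) icFail(9);
		if(sanitize($_POST['rName']) == 9) icFail(9);
		$name = $_POST['rName'];

		//**Sanitize Description
		if(!isset($_POST['description']) || !is_string($_POST['description'])) icFail(9);
		if(sanitize($_POST['description']) == 9) icFail(9);
		$description = $_POST['description'];

		// For the list fields below, a missing or non-array field is treated as
		// an empty list. That is what the unguarded foreach did, minus the PHP
		// warning. Nested arrays inside a list are rejected.

		//**Sanitize Steps
		$postedSteps = (isset($_POST['step']) && is_array($_POST['step'])) ? $_POST['step'] : array();
		foreach($postedSteps as $key=>$value){
			if(!is_string($value) || sanitize($value) == 9) icFail(9);
			$steps .= $value . "%NEXT%";
		}

		//**Sanitize Ingredients
		$postedIngredients = (isset($_POST['ingredient']) && is_array($_POST['ingredient'])) ? $_POST['ingredient'] : array();
		foreach($postedIngredients as $key=>$value){
			if(!is_string($value) || sanitize($value) == 9) icFail(9);
			// Write the checked value back so later readers of $_POST see it.
			$_POST['ingredient'][$key] = $value;
			$ingredients .= $value . "%NEXT%";
		}

		//**Sanitize Materials
		$postedMaterials = (isset($_POST['material']) && is_array($_POST['material'])) ? $_POST['material'] : array();
		foreach($postedMaterials as $key=>$value){
			if(!is_string($value) || sanitize($value) == 9) icFail(9);
			$_POST['material'][$key] = $value;
			$materials .= $value . "%NEXT%";
		}

		//**Sanitize Tags
		$postedTags = (isset($_POST['tag']) && is_array($_POST['tag'])) ? $_POST['tag'] : array();
		foreach($postedTags as $key=>$value){
			if(!is_string($value) || sanitize($value) == 9) icFail(9);
			$_POST['tag'][$key] = $value;
			$tags .= $value . "%NEXT%";
		}

		// Runs in this scope; presumably it sets $img_main, $img_step, $img_ingr
		// and $img_mate, which are used below and assigned nowhere in this file.
		require('imageupload.php');

		//**Insert Data Into Database
		//!!Do a safety check to ensure the same recipe isn't inserted twice

		$recipieID = rand_string(15);
		$userID = $user_profile['id'];

		// NOTE(review): every value is interpolated straight into the SQL text.
		// Whether this is injectable depends on code outside this file:
		// sanitize() for the form fields, imageupload.php for the $img_* values,
		// and the source of $user_profile['id']. None of them is escaped here.
		// The mysql_* extension has no prepared statements; moving the
		// connection to mysqli or PDO with bound parameters would remove the
		// dependency on every caller escaping correctly.
		// The INSERT also names no columns, so it relies on the table's column
		// order matching this value order exactly.
		$inserted = mysql_query("INSERT INTO recipie VALUES (
		'$recipieID',
		'$userID',
		'',
		'$description',
		'$name',
		'$steps',
		'$ingredients',
		'$materials',
		'$tags',
		'$img_main',
		'$img_step',
		'$img_ingr',
		'$img_mate'
		)");
		if(!$inserted){
			// Keep the driver's message in the server log only: sent to the
			// browser it would disclose table and query details.
			error_log('create.php: recipe insert failed: ' . mysql_error());
			die('The recipe could not be saved.');
		}

	}
}
else generateErrorPage(300); //User is not signed in, do not upload.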


?>

<!--Shell Start-->
<!DOCTYPE HTML>
<html>

<head>
<title>Create.php</title>
<link rel="stylesheet" type="text/css" href="libraries/style.css" />

<script type="text/javascript">
	// Sends the browser to the view page for the recipe created by this request.
	// $recipieID is written into this string literal without any escaping. It is
	// either the rand_string(15) value generated above or NULL (empty output)
	// when no recipe was inserted, in which case the target is "view.php?rid=".
	// NOTE(review): this is only safe while rand_string() cannot return quote,
	// backslash or URL-special characters; confirm, or encode the value on output.
	function redirect(){
		window.location = "view.php?rid=<?php echo $recipieID ?>";
	}
</script>

</head>

<body onLoad="setTimeout('redirect()',2000)">
	
	<div id="contain">

		<div id="primitiveHead">
			<img id="logo" alt="Friendly Cooks" src="images/logo.png" />
			<div id="logoContain"></div>
			<?php require('facebook/f_authenticate.php'); ?>
			<input id="search" name="search" type="text" value="search..." />
			<input id="go" type="button" name="searchGO" value="Go!" />
			<a href="create.php"><img id="create" src="images/createrecipe.png" /></a>
		</div>
	

	
		<div id="primitiveBody">
			<h1>Welcome to Friendly Cooks!</h1>
			
			<div class="primitiveContent">
				<h5>Redirecting...</h5>
				<p>Please wait to be redirected to your recipe!</p>
			</div>
			
			<div id="primitiveFoot">
				<img id="minilogo" alt="Friendly Cooks" src="images/logo.png" />
				
				<span id="footLinks">
					<a href="index.php">Home</a> |
					<a href="create.php">Create</a> |
					<a href="view.php">View</a> |
					<a href="search.php">Search</a> |
					<a href="privacy.php">Privacy</a> |
					<a href="contact.php">Contact</a> |
					<a href="account.php" id="accountFoot">My Account</a>
					
					<span>&copy; 2012 Friendly Cooks</span>
				</span>
			</div>
		</div>
	</div>


</body>
</html>

<?php
// Closes the database link opened outside this file. No link argument is
// passed, so the most recently opened connection is the one closed. Not reached
// on paths that end the request earlier (die()/exit).
mysql_close();

?>